6.8

CVE-2011-1003

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ClamavClamav Version <= 0.96.5
ClamavClamav Version0.01
ClamavClamav Version0.02
ClamavClamav Version0.3
ClamavClamav Version0.03
ClamavClamav Version0.05
ClamavClamav Version0.8 Updaterc3
ClamavClamav Version0.9 Updaterc1
ClamavClamav Version0.10
ClamavClamav Version0.12
ClamavClamav Version0.13
ClamavClamav Version0.14
ClamavClamav Version0.14 Updatepre
ClamavClamav Version0.15
ClamavClamav Version0.20
ClamavClamav Version0.21
ClamavClamav Version0.22
ClamavClamav Version0.23
ClamavClamav Version0.24
ClamavClamav Version0.51
ClamavClamav Version0.52
ClamavClamav Version0.53
ClamavClamav Version0.54
ClamavClamav Version0.60
ClamavClamav Version0.60p
ClamavClamav Version0.65
ClamavClamav Version0.66
ClamavClamav Version0.67
ClamavClamav Version0.67-1
ClamavClamav Version0.68
ClamavClamav Version0.68.1
ClamavClamav Version0.70
ClamavClamav Version0.70 Updaterc
ClamavClamav Version0.71
ClamavClamav Version0.72
ClamavClamav Version0.73
ClamavClamav Version0.74
ClamavClamav Version0.75
ClamavClamav Version0.75.1
ClamavClamav Version0.80
ClamavClamav Version0.80 Updaterc
ClamavClamav Version0.80 Updaterc1
ClamavClamav Version0.80 Updaterc2
ClamavClamav Version0.80 Updaterc3
ClamavClamav Version0.80 Updaterc4
ClamavClamav Version0.80_rc
ClamavClamav Version0.81
ClamavClamav Version0.81 Updaterc1
ClamavClamav Version0.82
ClamavClamav Version0.83
ClamavClamav Version0.84
ClamavClamav Version0.84 Updaterc1
ClamavClamav Version0.84 Updaterc2
ClamavClamav Version0.85
ClamavClamav Version0.85.1
ClamavClamav Version0.86
ClamavClamav Version0.86 Updaterc1
ClamavClamav Version0.86.1
ClamavClamav Version0.86.2
ClamavClamav Version0.87
ClamavClamav Version0.87.1
ClamavClamav Version0.88
ClamavClamav Version0.88.1
ClamavClamav Version0.88.2
ClamavClamav Version0.88.3
ClamavClamav Version0.88.4
ClamavClamav Version0.88.5
ClamavClamav Version0.88.6
ClamavClamav Version0.88.7
ClamavClamav Version0.88.7_p0
ClamavClamav Version0.88.7_p1
ClamavClamav Version0.90
ClamavClamav Version0.90 Updaterc1
ClamavClamav Version0.90 Updaterc1.1
ClamavClamav Version0.90 Updaterc2
ClamavClamav Version0.90 Updaterc3
ClamavClamav Version0.90.1
ClamavClamav Version0.90.1_p0
ClamavClamav Version0.90.2
ClamavClamav Version0.90.2_p0
ClamavClamav Version0.90.3
ClamavClamav Version0.90.3_p0
ClamavClamav Version0.90.3_p1
ClamavClamav Version0.91
ClamavClamav Version0.91 Updaterc1
ClamavClamav Version0.91 Updaterc2
ClamavClamav Version0.91.1
ClamavClamav Version0.91.2
ClamavClamav Version0.91.2_p0
ClamavClamav Version0.92
ClamavClamav Version0.92.1
ClamavClamav Version0.92_p0
ClamavClamav Version0.93
ClamavClamav Version0.93.1
ClamavClamav Version0.93.2
ClamavClamav Version0.93.3
ClamavClamav Version0.94
ClamavClamav Version0.94.1
ClamavClamav Version0.94.2
ClamavClamav Version0.95
ClamavClamav Version0.95 Updaterc1
ClamavClamav Version0.95 Updaterc2
ClamavClamav Version0.95 Updatesrc1
ClamavClamav Version0.95 Updatesrc2
ClamavClamav Version0.95.1
ClamavClamav Version0.95.2
ClamavClamav Version0.95.3
ClamavClamav Version0.96
ClamavClamav Version0.96 Updaterc1
ClamavClamav Version0.96 Updaterc2
ClamavClamav Version0.96.1
ClamavClamav Version0.96.2
ClamavClamav Version0.96.3
ClamavClamav Version0.96.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.22% 0.897
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html
http://secunia.com/advisories/43752
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob%3Bf=ChangeLog%3Bhb=clamav-0.97
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=d21fb8d975f8c9688894a8cef4d50d977022e09f
http://openwall.com/lists/oss-security/2011/02/21/1
http://openwall.com/lists/oss-security/2011/02/21/4
http://osvdb.org/70937
http://secunia.com/advisories/43392
Vendor Advisory
http://secunia.com/advisories/43498
http://securitytracker.com/id?1025100
http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2011:007
http://www.securityfocus.com/bid/46470
http://www.ubuntu.com/usn/USN-1076-1
http://www.vupen.com/english/advisories/2011/0453
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0458
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0523
https://exchange.xforce.ibmcloud.com/vulnerabilities/65544
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486